DoJ And FBI Now Issuing Command To Botnet Malware

Looks like the FBI is starting to get pretty serious about fighting malware. Traditionally they have gone after the command-and-control servers that activate and direct botnets made up of infected computers. This time they’re going much further by taking control of the botnet and issuing commands to it. In this instance it’s a nasty little bug called Coreflood, and a federal judge has given them permission to take this previously unheard-of step.

An outside company called Internet Systems Consortium has been tapped to do the actual work. It will answer the malware’s check-ins from infected computers and issue a command telling it to shut down. That falls short of fixing the problem, because Coreflood will try to phone home again on the next reboot. This gets back to the initial problem: we won’t ever be able to stop malware attacks as long as there are users who do not have the know-how (or simply don’t care) to protect and disinfect their own computer systems.

How long do you think it will be before some black hat comes up with a countermeasure against this type of enforcement?

What a pathetic attempt to seem like they are actually doing something. Rather than connecting to the computer and shutting it down, why don’t they just batch together a simple script to actually remove the bot they are obviously exploiting to connect. I am sure they can come up with something rather simple if they took the time to actually give two shits about the problem.

Finding a botnet and simply giving a shut down command is epic fail. As for educating users to keep them from installing a bot? It will never happen. You cannot educate a mass of people who are too lazy to even get up to find their remote control to change the channel and think the Shake Weight is actually a good exercise utility.

Teach them not to open EXE files and they will fall for social engineering that gets them to open an SCR file. For every person you educate, a malicious user will find two new ways to infect that same moron.

Why issue a shutdown command? Why not have it present a popup or some other form of message to the affected systems…something on the order of “This is the FBI. Your system has been compromised by malware and is now part of a botnet. Please install antivirus/antimalware as soon as possible…thank you for your cooperation.”

The White House has drafted legislation which provides the first step for exactly what you are describing. It is not the WH’s job to write legislation, but then again why would anyone question it. To my knowledge the US Air Force was actually tasked with cyber security a few years ago… so why the redundancy? Also, isn’t it DHS that oversees the TSA?

@Stevie Just because other countries USE the Internet, does not mean that the US doesn’t OWN the Internet. Also, when someone from out of the federal government’s jurisdictions attacks someone within, the government can, and should, step in.

@Pup: That’s simply a matter of personal opinion. People don’t use antivirus because they don’t want McAfee and Norton/Symantec bloatware/bullyware slowing them down AND charging them to do so. In my experience, most people who ask me to clean their systems for them buy computers with this free trial or that one, and never bother to purchase a license or replace it with a free one.

@assi9, Simply moving to GNU/Linux will not solve the problem. It will only encourage more malware activities targeting the new Linux users. Sure, the level of success won’t be as high, initially, but how hard is it for a script to brute force root’s password and do whatever the scripter is clever enough to do?

But the topic isn’t the users, nor the antivirus solutions they may or may not employ. The topic was at least one of the government’s approaches to stop botnets specifically. I agree that this particular method alone won’t be very effective, but I’m confident that we only know one, small aspect of the plan and that we can see some better protection from botnets in the future.

Uh, Stevie, I hate to break it to you, but the .com TLD belongs to the US. I don’t see how it makes sense to argue that a US TLD, ultimately handled by US registrars, is outside the jurisdiction of a US federal law-enforcement agency.

Also, we may not own the whole Internet, no, but we invented it and we can damn well run it as we please. Feel free to partition if that bothers you too much to stand. (In fact, feel free to partition regardless, for all of me. It would upset me not at all to lose the constant attack traffic I get from the more godforsaken parts of eastern Europe.)

Just because America had some basic networking going doesn’t mean they invented the internet.

Basically you yanks created a square wheel. We took that square wheel, made it round and built a fucking ferrari.

Bloody yanks need to realise they don’t own the world. You do realise that the only country in the world who thinks America is superior is…. America. The rest of the world think you’re a bunch of morons.

@Aaron – How many times do people have to be corrected…The “world wide web” as we now know it originated at CERN. It is widely regarded that they invented the internet. What the USA did was provide an infrastructure (originating from DARPAnet) for it to operate on. Saying that the internet was invented by the US would be like saying that cable companies invented TV.

I’m going to go make my own internets. No FBI or botnets allowed. Girls are welcome as long as it doesn’t end up like myspace in here. All of my IP addresses will be based on symbols like ḴÆƂƴƵǣȸ and every Thursday all text will be changed at random to wingdings.

On further review of this topic…I believe the US should be doing everything it can to learn how to run their own botnets and making more worms like the STUXNET. Future wars will be digital, could you imagine using a worm or virus to create a botnet of an enemy’s fleet of drones? How far off could this be? 15-25 years?

If the “shutdown” command only works until the box is rebooted, this isn’t really a solution. I think it’s more likely that they’re just testing the waters.

I wouldn’t think this is legal anyway. No matter their intentions, the moment .gov issues the command, they will be controlling software on my box without my permission. I’d hope they need a warrant or something to do that.

If there is a law allowing this, I would expect law enforcement to bend the law as much as they can. Law enforcement generally feels it’s justified in a little rule-bending if the result is what they deem positive. In their defense, the criminals are doing the same thing. Long story short, “sending a command to a piece of malware” slowly gets redefined to “sending an exploit with payload to any piece of software we consider malicious.” Granting the authorities more power is a slippery slope. We hand our rights away and forget about it, as long as it’s not our door being knocked-on.

The point is that there are several agencies that monitor the Internet in the USA (and yes, they have international jurisdiction). The Secret Service has been a leader in policing the Internet for several years now.

I actually see a usefulness in this methodology, albeit they should still fight the malware itself, but

If the computers kept receiving commands to shut down, the users who normally wouldn’t think about scanning their computers etc will probably either get a new one (I do know some people who think that immediately), or they would take it somewhere to get checked or call someone in.
Therefore, assuming the person checking the computer has a half-decent work methodology, it’ll finally at least be scanned and maybe even restored.

I personally think that the source of the problems is more important, but it might help for the time being.

@Jimmy – The shutdown message being sent was for the *bot* to shut down, not the computer itself. As the bot is (by design) not something a user is likely to see, they aren’t going to notice it shutting down, except, possibly, as an increase in available compute power for running minesweeper.

Perhaps they should track down the coders that write the viruses, exile them to some far off corner of Siberia and let them freeze to death. But that’s just my opinion. Obviously unrealistic and politically incorrect.

Countermeasures nothing — government computer security “experts” and the companies hired by the fed are generally outhacked by teenage 4channers who just download tools off torrent sites.

The people actually writing these botnets are A> usually outside the FBI’s jurisdiction (call me when the CIA gets involved), and B> so far out in front of the average government contractor that I’d be shocked if inside a year we don’t see this government attempt at “controlling the botnets” turned around and used to hack the fed.

Ok, paranoid much? First, let’s not knock the hackers or writers of auspicious code too much; those same people….
1. Read this site daily. Not smart to piss on your own Wheaties if you think about it.
2. Are the same people who now head the government’s Cyber-Securities and Weapons Control Security as well as Social Security, the Securities Exchange Commission, or even more well-known things like Norton Anti Virus, AVG Anti Virus, SpyBotSD.

So it is because of hackers we have security, and let’s face it, hackers run everything; people are just too stupid to realize it.

So hackers are needed; they protect us, they show us new and wonderful ways to create things as well as stop others from destroying our things.

I just think, as I said, this is another excuse for government control over everything Americans do. And yes, they are trying to pass legislation that allows the government to randomly just peek into your system and run key loggers to see what you are saying whenever they choose to. Who cares about anything else, I mean really?